Introduction
Ad blocking is often dismissed as a convenience feature for users tired of intrusive banners and pop-ups. But in 2025 – almost 2026 – it’s time to reframe the conversation: ad blocking is a fundamental security control every organization should implement.
Malvertising has become an extremely effective attack vector. Threat actors exploit legitimate ad networks to deliver malware, phishing sites, and exploit kits – even on trusted websites. Tracking scripts in ads also collect sensitive data, creating privacy and compliance risks.
The good news? Ad blocking is free, proven security you can deploy today. Installing uBlock Origin Lite is easy. Configuring it at scale for an enterprise? That’s the challenging part. In this post, I’ll show you how I solved that challenge with a comprehensive PowerShell script that centrally configures uBlock Origin Lite across managed browsers using Microsoft Intune.
Microsoft Intune
Deploying uBlock Origin Lite with Microsoft Intune is straightforward using the Settings Catalog. While the process is well-documented, I’ve included key screenshots for quick reference.
Use the correct extension ID for your browser:
- Microsoft Edge: cimighlppcgcoapaliogpjjdehbnofhn
- Google Chrome: ddkjiahejlhfcafbddmgiahcphecmpfh
Note: The screenshots provided focus on the Microsoft Edge policy.
I recommend setting the value below to * and using the exemption option to maintain a controlled environment. This approach effectively blocks all extensions by default and only allows those explicitly exempted.
PowerShell
Installing the extension is easy. Configuring it consistently across many devices is the real challenge. To address this, I’ve written a PowerShell script that applies uBlock Origin Lite settings automatically.
- You can find the full script on GitHub: PowerShell/Config-uBlock-Lite.ps1 at master · imabdk/PowerShell
What the Script Does
- Configures uBlock Origin Lite settings for Edge and Chrome.
- Writes JSON configuration to the correct registry paths.
- Applies custom filter lists and extension options.
- Supports domain exclusions for sites that should bypass ad blocking.
Configure the Script via Parameters
The script is parameterized so you can control which browsers to target, how strict filtering should be, and which domains/features/rulesets to allow or block—without editing the script body.
Deploying the Script
Once your script is ready and configured, you can deploy it using Microsoft Intune.
Intune Deployment
- In the Microsoft Intune admin center, go to: Devices → Scripts and remediations → Platform scripts → Add → Windows 10 and later.
- Upload your script (Config-uBlock-Lite.ps1).
- Configure the following:
  - Run this script using the logged-on credentials: No (run as system).
  - Enforce script signature check: No (unless you sign the script).
  - Run script in 64-bit PowerShell: Yes.
- Assign the script to your target device group(s).
- Save and monitor deployment under Device status.
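To confirm on an endpoint that both the extension policy and the script's settings actually landed, a read-only audit like the following can help. It is an added example, not part of Config-uBlock-Lite.ps1. It assumes the policies arrive under the standard HKLM Edge/Chrome policy keys and that the extension's settings sit in the Chromium managed-storage location (3rdparty\extensions\<id>\policy).

```powershell
# Added example: read-only audit of the browser policies described in this post.
# Extension IDs are the ones listed above. The registry locations are the standard
# Edge/Chrome policy keys (assumption: policies are delivered machine-wide under HKLM).
$browsers = @(
    @{ Name = 'Edge';   Root = 'HKLM:\SOFTWARE\Policies\Microsoft\Edge'; Id = 'cimighlppcgcoapaliogpjjdehbnofhn' }
    @{ Name = 'Chrome'; Root = 'HKLM:\SOFTWARE\Policies\Google\Chrome';  Id = 'ddkjiahejlhfcafbddmgiahcphecmpfh' }
)

function Get-PolicyList {
    # List policies are stored as numbered values (1, 2, ...) under a subkey.
    param([string]$Path)
    if (-not (Test-Path -LiteralPath $Path)) { return @() }
    $key = Get-Item -LiteralPath $Path
    return @($key.GetValueNames() | ForEach-Object { [string]$key.GetValue($_) })
}

$report = foreach ($b in $browsers) {
    $force = @(Get-PolicyList "$($b.Root)\ExtensionInstallForcelist")
    $block = @(Get-PolicyList "$($b.Root)\ExtensionInstallBlocklist")
    $allow = @(Get-PolicyList "$($b.Root)\ExtensionInstallAllowlist")

    # Managed storage for an extension lives under 3rdparty\extensions\<id>\policy.
    $cfgPath  = "$($b.Root)\3rdparty\extensions\$($b.Id)\policy"
    $cfgNames = if (Test-Path -LiteralPath $cfgPath) {
        @((Get-Item -LiteralPath $cfgPath).GetValueNames())
    } else { @() }

    [pscustomobject]@{
        Browser         = $b.Name
        # Force-list entries are "<id>" or "<id>;<update_url>".
        ForceInstalled  = [bool]($force | Where-Object { $_ -like "$($b.Id)*" })
        BlockAllDefault = $block -contains '*'
        Exempted        = $allow -contains $b.Id
        ConfigValues    = $cfgNames -join ', '
    }
}
$report | Format-Table -AutoSize
```

An empty ConfigValues column on a device where the extension is installed means the platform script has not run there yet, or wrote its settings somewhere other than the assumed key.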
ENJOY 🙂




